History: Jan 31, 2023 - 5:00 a.m.

CVE-2022-21129

2023-01-31 05:00:01
snyk
www.cve.org
nemo-appium
command injection
input sanitization
appium-running 0.1.3 vulnerability
package version 0.0.9

CVSS3 score: 7.4

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P

AI Score: 9.9 (Confidence: High)

EPSS: 0.004 (Percentile: 72.6%)

Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the ‘module.exports.setup’ function.

Note: To exploit this vulnerability, appium-running 0.1.3 has to be installed as one of nemo-appium's dependencies.

CNA Affected

[
  {
    "product": "nemo-appium",
    "versions": [
      {
        "version": "0",
        "lessThan": "0.0.9",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "vendor": "n/a"
  }
]
